
Cryptography: Public Keys, Private Keys, and SSL

By Prof. David Chen, CS Examiner · Updated April 18, 2026
A lock graphic demonstrating how the same key is used for symmetric encryption, while different keys are used for asymmetric.

What is the difference between Symmetric and Asymmetric Encryption?

Symmetric encryption uses ONE single secret key to both encrypt and decrypt a file. It is very fast, but sharing the key safely over the internet is dangerous. Asymmetric uses TWO keys (a Public key that encrypts, and a Private key that decrypts). It completely solves the key-sharing problem, but the complex mathematics make it much slower.

Data security is heavily tested in Paper 1. Understanding how internet banking stays secure requires you to know exactly how Public and Private keys interact. This guide from our Ultimate O-Level Computer Science Guide explains the progression from fast-but-flawed algorithms to unbreakable web security.

1. Plaintext vs Ciphertext

Before diving into keys, you must use the correct examiner vocabulary. Data that can be read naturally by humans or computers (like a password 'secret123') is called Plaintext.

Through an encryption algorithm, this is scrambled into meaningless garbage (like 'X9$qPZ!2'). This scrambled version is strictly called Ciphertext.

2. The Flaw of Symmetric Encryption

In Symmetric Encryption, the sender and receiver use the exact same key. Think of it like a physical padlock and a single key. You put a message in a box, lock it with the key, and mail it to a friend.

The Key Distribution Problem

When your friend receives the box, they can't open it because you have the key. If you put the key in an envelope and mail it to them, a hacker (man-in-the-middle) can intercept the mail, copy the key, and read all your future messages. Symmetric encryption is fast, but sharing the secret key across the open internet is extremely unsafe.

3. The Asymmetric Key Pair Solution

Asymmetric encryption fixes the distribution problem by using mathematical Key Pairs. There are two keys that belong to the receiver (let's say, your Bank).

  • The Public Key: The Bank gives this key away for free on their website to anyone in the world. Its ONLY job is to encrypt data. It physically cannot decrypt data.
  • The Private Key: A highly secured key held deep inside the Bank's servers. Its ONLY job is to decrypt data that was locked by its sibling Public Key.

The Process: You want to send your password to the Bank. You download their Public Key. You use it to encrypt your password. The ciphertext flies across the internet. Even if a hacker intercepts it, and even if they have the Public Key, they can't read the message! The only thing on Earth that can pry the message open is the Bank's protected Private Key.

💡 Tutor's Tip
Digital Certificates: How do you know the Public Key you downloaded actually belongs to the Bank, and not a hacker pretending to be the Bank? A Digital Certificate acts as a passport. It is signed by a trusted third party (a Certificate Authority) proving the Public Key is authentic.

4. How SSL/TLS Combines Both Methods

In reality, downloading entire movies using Asymmetric Encryption would take hours because the math is so heavy. When you connect to an HTTPS website, your browser actually uses BOTH methods.

  1. First, your computer and the server use Asymmetric Encryption to safely send a small, temporary Symmetric Key to each other over the internet.
  2. Now that both sides safely hold the same secret Symmetric Key, they throw away the slow Asymmetric keys.
  3. They use the ultra-fast Symmetric Key to encrypt and decrypt the rest of the actual website data (videos, images) for the rest of the session.

📋 From the Desk of Prof. David Chen
If a 4-mark question asks you to "Explain how a web browser uses SSL to securely communicate with a server", do not write a story about hackers. Focus strictly on the technical steps: 1) Browser requests server identity. 2) Server sends Digital Certificate and Public Key. 3) Browser verifies certificate. 4) Browser uses server's Public Key to encrypt a session key to send back to the server.
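
The handshake steps above as a runnable sketch (an added example, not part of the original guide). It uses textbook RSA with two fixed Mersenne primes and a SHA-256 XOR keystream as stand-ins for real RSA and AES; both are toys chosen so the code runs with only the Python standard library, and all function names are hypothetical.

```python
import hashlib
import secrets

# Toy RSA key pair for the server (constructed for illustration only: two known
# Mersenne primes, no padding). Real servers use 2048-bit+ keys and vetted libraries.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537                      # public key (n, e): published to everyone
D = pow(E, -1, (P - 1) * (Q - 1))        # private key d: never leaves the server

def rsa_encrypt(m: int, e: int, n: int) -> int:
    return pow(m, e, n)                  # anyone holding the public key can do this

def rsa_decrypt(c: int, d: int, n: int) -> int:
    return pow(c, d, n)                  # only the private-key holder can undo it

def symmetric_crypt(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher (stand-in for AES): XOR with a SHA-256 keystream.
    The same function and the same key both encrypt and decrypt."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def handshake_and_send(page: bytes):
    # Browser: invent a temporary session key, wrap it with the server's PUBLIC key.
    session_key = secrets.token_bytes(16)
    wrapped = rsa_encrypt(int.from_bytes(session_key, "big"), E, N)
    # Server: unwrap with its PRIVATE key; both sides now share the session key.
    server_key = rsa_decrypt(wrapped, D, N).to_bytes(16, "big")
    # Rest of the session: fast symmetric encryption of the actual data.
    ciphertext = symmetric_crypt(server_key, page)
    received = symmetric_crypt(session_key, ciphertext)
    # Eavesdropper: sees `wrapped` and the public key; applying E again does not
    # undo the encryption, so the session key stays hidden.
    eavesdropper_guess = rsa_encrypt(wrapped, E, N)
    return session_key, server_key, ciphertext, received, eavesdropper_guess

if __name__ == "__main__":
    sk, srv, ct, rx, guess = handshake_and_send(b"<html>balance: 1,000</html>")
    print("keys match:", sk == srv, "| plaintext recovered:", rx)
    print("public key recovers session key:", guess == int.from_bytes(sk, "big"))
```

TLS 1.3 replaces this key-wrapping step with an ephemeral Diffie-Hellman exchange, but the hybrid idea of agreeing on a symmetric session key first and then encrypting the bulk data with it is the same.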

Frequently Asked Questions

What is Symmetric Encryption?
Using the same single key to both scramble and unscramble a message.

Why is Symmetric Encryption risky over the internet?
Because the secret key must be physically transmitted to the receiver, making it vulnerable to interception by hackers.

How does Asymmetric Encryption work?
The sender uses the receiver's Public Key to encrypt the message. The receiver uses their own secret Private Key to decrypt it.

What does a Digital Certificate do?
It is authenticated by a Certificate Authority to prove that a specific Public Key definitively belongs to the legitimate organization.
